Signal Game Analysis between Software Vendors and Third-Party Platforms in Collaborative Disclosure of Network Security Vulnerabilities

Qiang Xiong, Yifei Zhu, Zhangying Zeng, Xinqi Yang
{"title":"Signal Game Analysis between Software Vendors and Third-Party Platforms in Collaborative Disclosure of Network Security Vulnerabilities","authors":"Qiang Xiong, Yifei Zhu, Zhangying Zeng, Xinqi Yang","doi":"10.1155/2023/1027215","DOIUrl":null,"url":null,"abstract":"The global network threat is becoming more and more serious, and network security vulnerability management has become one of the critical areas in the national information security emergency system construction. To guide the third-party sharing platforms regarding network security vulnerability management, this work constructs a signal game model comprising third-party vulnerability sharing platforms and software vendors for vulnerability collaborative disclosures. In addition, we analyze the game strategy selection and its influencing factors. The results show that there are two perfect Bayesian equilibria, including separation equilibrium and mixed equilibrium, due to the incomplete lines of information disclosure. The equilibrium state is mainly based on the compression time of the protection period and the existence ratio of the software vendors who develop the patches in the market. This work puts forward some suggestions in terms of the protection period, reputation loss, and relevant laws and regulations.","PeriodicalId":72654,"journal":{"name":"Complex psychiatry","volume":"2023 1","pages":"1027215:1-1027215:11"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Complex psychiatry","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1155/2023/1027215","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

The global network threat is becoming more and more serious, and network security vulnerability management has become one of the critical areas in the national information security emergency system construction. To guide the third-party sharing platforms regarding network security vulnerability management, this work constructs a signal game model comprising third-party vulnerability sharing platforms and software vendors for vulnerability collaborative disclosures. In addition, we analyze the game strategy selection and its influencing factors. The results show that there are two perfect Bayesian equilibria, including separation equilibrium and mixed equilibrium, due to the incomplete lines of information disclosure. The equilibrium state is mainly based on the compression time of the protection period and the existence ratio of the software vendors who develop the patches in the market. This work puts forward some suggestions in terms of the protection period, reputation loss, and relevant laws and regulations.
软件厂商与第三方平台协同披露网络安全漏洞的信号博弈分析
全球网络威胁日益严重,网络安全漏洞管理已成为国家信息安全应急体系建设中的关键领域之一。为了指导第三方共享平台进行网络安全漏洞管理,本文构建了由第三方漏洞共享平台和软件厂商组成的信号博弈模型,用于漏洞协同披露。此外,还分析了博弈策略选择及其影响因素。结果表明,由于信息披露线不完备,存在分离均衡和混合均衡两种完美的贝叶斯均衡。平衡状态主要基于保护期的压缩时间和开发补丁的软件厂商在市场上的存在率。本文从保护期限、声誉损失、相关法律法规等方面提出了建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
2.80
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信